HI Andrew,
Looks like Phase-2 rekey is not going well.
Does the tunnel still stay up and not pass traffic? OR
Does the Tunnel go down and we need to rebuild it after sometime?
Post the following outputs:
show crypto isakmp sa detail (from both PIX and Router)
show crypto ipsec sa peer (from the router)
show crypto ipsec sa peer (from the pix)
when this happens again, could you post the debugs from both the router and the pix (debug crypto isakmp and debug crypto ipsec).
To recreate the issue, can you reduce the ESP lifetime to say 10 minutes (600 seconds) and let me know if the tunnel stops working in 10 minutes.
Regards,
Praveen